Apple’s Audio Codec that was developed in 2004 and made as open source software since 2011 is reportedly filled with severe security vulnerabilities that could trigger panic among Android users.
Apple Lossless Audio Codex (ALAC) is the open source software that is in discussion and is now been picked up by many smart phone manufacturers such as Qualcomm and MediaTek.
Cybersecurity Firm Check Point has detected that the open source software hasn’t been updated from the year 2011 and so there is a high probability that it could have been cyber attacked by cyber crooks by exploitation of ALHACK vulnerability.
MediaTek took a note of the vulnerability that led to two flaws CVE-2021-0675 and CVE-2021-0674 both assigned as high and medium scale flaws, while Qualcomm identified the flaw as a critical severity by tagging it as CVE-2021-30351.
Reports are in that Apple has been improving the proprietary version of Codec from time to time and so no worries to its users. But has shown neglect towards the open source code that is now being used by 3rd parties as open audio decoders.
Note 1- If in case a cyber crook has their hands on the audio codec, then there is a high probability that they can access the camera and media folder of android users with no big effort.
Note 2- More technicalities will be revealed in a detailed way at the CanSecWest Conference in Vancouver, say Check Point researchers.
